search

cudeso / misp2sentinel

MISP to Sentinel integration
MIT License
52 stars 17 forks source link

Error in function app not connecting to misp server #61

Closed esben-2gcloud closed 9 months ago

esben-2gcloud commented 9 months ago

i get this error trying to get the misp feed to our sentinel. I have followed the guide, and im now clueless to what the mistake might be: Result: Failure Exception: PyMISPError: Unable to connect to MISP (https://misp-2gcloud.westeurope.cloudapp.azure.com/). Please make sure the API key and the URL are correct (http/https is required): HTTPSConnectionPool(host='misp-2gcloud.westeurope.cloudapp.azure.com', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3102e4deb0>: Failed to establish a new connection: [Errno 110] Connection timed out')) Stack: File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 479, in _handleinvocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 58, in run result = self.fn(*self.args, self.kwargs) File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 752, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(args) File "/home/site/wwwroot/MISP2Sentinel/init.py", line 112, in main pmain() File "/home/site/wwwroot/MISP2Sentinel/init.py", line 102, in pmain push_to_sentinel(key, value['id'], value['secret'], value['workspaceid']) File "/home/site/wwwroot/MISP2Sentinel/init.py", line 87, in push_to_sentinel parsed_indicators, total_indicators = _get_misp_events_stix() File "/home/site/wwwroot/MISP2Sentinel/init.py", line 25, in _get_misp_events_stix misp = ExpandedPyMISP(config.misp_domain, config.misp_key, config.misp_verifycert, False) File "/home/site/wwwroot/.python_packages/lib/site-packages/pymisp/api.py", line 212, in init__ raise PyMISPError(f'Unable to connect to MISP ({self.root_url}). Please make sure the API key and the URL are correct (http/https is required): {e}')

cudeso commented 9 months ago

Hello,

The below error indicates you cannot access your MISP server from where you are running the misp2sentinel integration.

Result: Failure Exception: PyMISPError: Unable to connect to MISP (https://misp-2gcloud.westeurope.cloudapp.azure.com/). Please make sure the API key and the URL are correct (http/https is required): HTTPSConnectionPool(host='misp-2gcloud.westeurope.cloudapp.azure.com', port=443): Max retries exceeded with url: /servers/getVersion (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3102e4deb0>: Failed to establish a new connection: [Errno 110] Connection timed out')) Stack: File "/azure-functions-

This can be a firewall, proxy or DNS problem.

esben-2gcloud commented 9 months ago

I does not seem to be a problem in the access, its accesseble by public ip, and we can use postman to see it pull data. Some how it still does not seem to work, and gives the same error.

cudeso commented 9 months ago

The first lines in the error log indicate that there is a connection issue. Maybe try directly with the IP and check you use a valid API key?

I does not seem to be a problem in the access, its accesseble by public ip

Do you mean publicly be everyone? At least from some locations there seems to be some sort of filtering in place.

cudeso commented 9 months ago

Closing pending feedback